Release 2023-08-20

Release 2023-08-20

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.
• Please review the following CVEs that impact all Windows node pools in AKS clusters - CVE-2023-3676, CVE-2023-3955, and CVE-2023-3893. Please update your Windows nodes to the VHD version 230809 as mentioned in these issues.
• To avoid disruptions stemming from unmanaged Canonical nightly security updates, AKS will disable unmanaged Canonical nightly updates by 2 September 2023
  on clusters that haven’t specified an update option explicitly, mapping to the option None in the node OS upgrade channel feature. AKS strongly recommends proactively moving to auto-upgrade node-image or node OS upgrade channel - SecurityPatch; you can set maintenance windows for these channels.

Release notes

• Features

  • Image Cleaner is now generally available.
  • Planned maintenance is now generally available.
  • Azure AD workload identity with AKS has been made available in the following regions - eastus, australiacentral, australiaeast, brazilsouth, canadacentral, centralindia, eastasia, eastus2, francecentral, germanywestcentral, japaneast, jioindiawest, koreacentral, northcentralus, northeurope, norwayeast, qatarcentral, southafricanorth, swedencentral, switzerlandnorth, uaenorth, ukwest, westus2.
  • networkPolicy to 'none' (no network policy engine is installed) as a default value if unspecified when creating a cluster. Setting networkPolicy to 'none' is blocked for API versions prior to 2023-09-02-preview.

• Behavioral changes

  • Microsoft.ContainerService/locations/{location}/kubernetesVersions operation will now return isDefault: true on default version.

• Component Updates

  • Azure Monitor container insights addon updated to 08/17/2023 release.
  • Updated Azure Monitor metrics addon image to 08/11/2023 release.
  • Updated Azure Disk CSI driver to v1.26.6 on AKS versions >= 1.24.0 and < 1.27. Updated Azure Disk CSI driver to v1.28.2 on AKS versions >= 1.27.0.
  • Updated Azure File CSI driver to v1.24.4 on AKS versions >= 1.24.0 and < 1.26. Updated Azure Disk CSI driver to v1.26.4 on AKS versions >= 1.26.0.
  • Updated Azure CNS to v1.4.44.4
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.16.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.16.0.
  • Azure Linux image has been updated to AzureLinux-202308.16.0.

Release 2023-08-13

Release 2023-08-13

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• No new clusters can be created with Azure AD Integration (legacy). Existing AKS clusters with Azure Active Directory integration will keep working. All Azure AD Integration (legacy) AKS clusters will be migrated to AKS-managed Azure AD automatically starting from 1st Dec. 2023. We recommend updating your cluster with AKS-managed Azure AD before 1 Dec 2023. This way you can manage the API server downtime during non-business hours.

Release notes

• Features

  • Azure Container Networking Interface (CNI) Overlay now fully supports Windows Server 2019 and 2022.

• Behavioral changes

  • Azure monitor metrics addon image is reverted from 07-28-2023 release back to the 06-26-2023 release because 07-28-2023 release contains an issue that configmap processing is broken for $ in regex fields.
  • Automate the creation and connection of a Private Link Service to an Azure LoadBalancer, only requiring users to create Private Endpoint connections for private connectivity.

• Component Updates

  • AKS Image cleaner eraser image bumped to v1.2.0.
  • Linux Network Policy Manager （NPM） version bumped to v1.4.45.1 for nftables performance improvements and security patches.
  • ACI connector addon (virtual node) bumped to v1.6.0.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.10.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.10.0.
  • Azure Linux image has been updated to AzureLinux-202308.10.0.
  • AKS Windows 2019 image has been updated to 17763.4737.230808.
  • AKS Windows 2022 image has been updated to 20348.1906.230808.

Release 2023-08-06

Release 2023-08-06

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• New v1.27+ AKS clusters will have KMS v2 configured by default when KMS is enabled. Customers with clusters on v1.26 and below with KMS enabled will not be able to upgrade to v1.27. To upgrade, follow the steps outlined in this documentation for migrating from KMS v1 to v2, and then proceed with upgrading the cluster to version v1.27.
• The pod security policy feature was deprecated on 1st August 2023 and removed since AKS version 1.25. We recommend you migrate to pod security admission controller or Azure Policy to stay within Azure support.

Release notes

• Preview Features

  • Network Observability add-on plugin is a new public preview feature that will scrape useful metrics from Kubernetes workloads and emit actionable networking observability data into industry standard Prometheus format, which can then be visualized in Grafana.

• Behavioral changes

  • New built-in policy for planned maintenance.
  • Customers will now be able to use node public IP with authorized IP ranges and API Server VNet integration. Previously this functionality was blocked.
  • Customers can now install Azure Service Mesh on AKS clusters with Cilium.
  • Configure exponential backoff in calls from the Cilium daemonset to the Kubernetes apiserver in Azure CNI Powered by Cilium to improve recovery from OOM kills.

• Bug Fixes

  • Fixed a bug where the addon-token-adapter may get a staled long connection to apiserver causing network connection errors.
  • Added validation to check if pobSubnet is associated with NAT Gateway when cluster outbound type is userAssignedNATGateway and pobSubnet in agentpoolProfile is not empty.

• Component Updates

  • Windows CNS updated to v1.4.44.4
  • Envoy Proxy (part of OSM and Istio) has been updated to 1.26.4 to fix CVE-2023-35941 and CVE-2023-35944.
  • OMSAgent for Azure monitor updated to 3.1.11
  • Cluster Autoscaler images are releasing new versions for 1.25.x, 1.26.x, 1.27.x.
  • Azure File CSI Driver has been updated to v1.28.1 on AKS 1.27.
  • Updated wasm containerd shims to v0.8.0, and added wasm worker server shim.
  • Cloud provider Azure versions are bumped to v1.25.17, v1.26.13, v1.27.7 for the corresponding patch versions with the following changes: Health probe port can be any port assigned by customer, Increase limit for TCP Idle Timeout to 100 minutes, Virtual node will always exists.
  • Azure Monitor Metrics addon image updated in 07-28-2023 release
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202308.01.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202308.01.0.
  • Azure Linux image has been updated to AzureLinux-202308.01.0.

Release 2023-07-30

Release 2023-07-30

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• For AKS clusters built at version v1.27+ and enable KMS, KMS v2 is configured by default. However, for clusters with KMS enabled at versions below v1.27, upgrading to v1.27 will be blocked. To upgrade, follow the steps outlined in this documentation for migrating from KMS v1 to v2, and then proceed with upgrading the cluster to version v1.27.
• The pod security policy feature was deprecated on 1st August 2023 and removed since AKS version 1.25. We recommend you migrate to pod security admission controller or Azure Policy to stay within Azure support.

Release notes

• Features

  • The AKS Vscode extension now supports cluster creation.
  • Kubernetes version 1.27 is now Generally Available (GA).

• Behavioral changes

  • Kubernetes version 1.24 is now deprecated.
  • During Outbound Type Migration, Public IPs are released when it doesn't meet Outbound IP goal.
  • During Outbound Type Migration, NAT Gateway Profile is set to 1 when Outbound Type is set to something other than Managed NAT Gateway.

• Component Updates

  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202307.27.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202307.27.0.
  • Azure Linux image has been updated to AzureLinux-202307.27.0.
  • Istio-based service mesh add-on's istiod and ingress images updated to v1.17.5. User needs to restart the workload pods to trigger re-injection of the newer patch version of istio-proxy. More information can be found here.
  • Updated Windows Azure CNI to v1.5.6.
  • Updated microsoft-defender-pod-collector image to 1.0.73.

Release 2023-07-23

Azure Kubernetes Service Changelog

Release 2023-07-23

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• Kubernetes 1.24 is being deprecated end of July 2023 and support will transition to our platform support policy.
• Starting Kubernetes 1.25, the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the [FAQ][https://learn.microsoft.com/troubleshoot/azure/azure-kubernetes/aks-increased-memory-usage-cgroup-v2] for cgroupsv2.
• A known issue in Kubernetes version 1.24 is causing name resolution failures in Windows pods. Customers experiencing this issue should upgrade their cluster to Kubernetes version 1.25.
• CVE-2023-35945 has been found in Envoy Proxy (part of OSM and Istio). We are rolling out a fix to all affected customers, please follow the instructions to monitor the rollout and restart your proxies.
• For AKS clusters built at version v1.27+ and enable KMS, KMS v2 is configured by default. However, for clusters with KMS enabled at versions below v1.27, upgrading to v1.27 will be blocked. To upgrade, follow the steps outlined in this documentation for migrating from KMS v1 to v2, and then proceed with upgrading the cluster to version v1.27.

Release notes

• Features

  • New K8s patch versions
    • Removed 1.24.9, added 1.24.15.
    • Removed 1.25.5, added 1.25.11.
    • Removed 1.26.0, added 1.26.6.
    • Added 1.27.3(preview).

• Behavioral changes

  • CNI V2 maxpods increased from 16 to 60 for clusters with more than 1000 nodes and to 40 for clusters with less than 1000 nodes.
  • Cloud provider will no longer remove nodes that go to a NotReady state after having been Ready from the load balancer backend pools. #4283

• Bug Fixes

  • Fixed a bug that custom kubelet identity was not working on VMAS clusters.

• Component Updates

  • Cloud Provider Azure versions are bumped to 1.24.22, 1.25.16, 1.26.12, and 1.27.6
  • CNS for AKS CNI PodSubnet and CNI Overlay bumped to 1.4.44
  • AKS Image cleaner eraser image bumped to v1.1.1

2023-07-16

Release 2023-07-16

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• Kubernetes 1.24 is being deprecated end of July 2023 and support will transition to our platform support policy.
• Starting Kubernetes 1.25, the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance, and read the [FAQ][https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/aks-increased-memory-usage-cgroup-v2] for cgroupsv2.
• A known issue in Kubernetes version 1.24 is causing name resolution failures in Windows pods. Customers experiencing this issue should upgrade their cluster to Kubernetes version 1.25.
• A CVE has been found in Envoy Proxy (part of OSM and Istio). We are rolling out a fix to all affected customers, please follow the instructions to monitor the rollout and restart your proxies.

Release notes

• Features

  • Bring your own keys (BYOK) with Azure disks is GA

• Behavioral changes

  • Remove the deprecated label kubernetes.io/role=agent from ama-logs-windows daemonset and ama-logs-rs deployment.
  • Allow existing AKS clusters to enable Azure CNI Powered By Cilium by setting networkDataplane=cilium.

• Component Updates

  • Upgrade Azure File CSI driver to v1.24.3 to fix CVE
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202307.12.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202307.12.0.
  • Azure Linux image has been updated to AzureLinux-202307.12.0.
  • AKS Windows 2019 image has been updated to 17763.4645.230712.
  • AKS Windows 2022 image has been updated to 20348.1850.230712.

Release 2023-07-09

Azure Kubernetes Service Changelog

Release 2023-07-09

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• Kubernetes 1.24 is being deprecated end of July 2023 and support will transition to our platform support policy.
• Starting Kubernetes 1.25, the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance.
• A known issue in Kubernetes version 1.24 is causing name resolution failures in Windows pods. Customers experiencing this issue should upgrade their cluster to Kubernetes version 1.25.

Release notes

• Bug Fixes

  • A node restriction bug has been fixed that caused issues with Windows Server container pods while using inline volume for 1.24+ clusters.

• Component Updates

  • Update KEDA addon to v2.10.1 for versions less than Kubernetes version 1.27 and KEDA v2.11 for Kubernetes version 1.27.
  • Update Azure Monitor for Containers to v3.1.10.
  • Hotfixes for Kubernetes images v1.24.9, v1.24.10, v1.25.5, v1.25.6, v1.26.0, v1.26.3, and v1.27.1.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202307.04.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202307.04.0.
  • Azure Linux image has been updated to AzureLinux-202307.04.0.

Release 2023-07-02

Release 2023-07-02

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• Kubernetes 1.24 is being deprecated end of July 2023 and support will transition to our platform support policy.
• Starting Kubernetes 1.25, the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance.
• A known issue in Kubernetes version 1.24 is causing name resolution failures in Windows pods. Customers experiencing this issue should upgrade their cluster to Kubernetes version 1.25.

Release notes

• Preview Features

  • Added annotations to App Routing add-on for Prometheus automatic discovery and scraping of the nginx ingress controller metrics.
  • Support for changing pod CIDR for bring your own CNI plugin.

• Behavior Changes

  • The default OS disk type for non-ephemeral OS disks is now Standard SSD.

• Bug Fixes

  • Disabled auto mounting of service account token for ip-masq-agent.
  • Fixed an issue that can incorrectly override the custom certificate authority trust on a nodepool update.

• Component Updates

  • Update Azure Monitor metrics addon image to release 06-26-2023.
  • Update Azure Blob Storage CSI driver version to 1.22.1 on Kubernetes 1.27+
  • Update Azure CNS to v1.4.44.2 and v1.5.5; adding CNI v1.5.5, and adding dropgz v0.0.9.
  • Update App Routing add-on image to use ingress-nginx 1.3.0
  • Hotfixes for Kubernetes images v1.24.9, v1.24.10, v1.25.5, v1.25.6, v1.26.0, v1.26.3, and v1.27.1.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202306.26.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202306.26.0.
  • Azure Linux image has been updated to AzureLinux-202306.26.0.

Release 2023-06-25

Release 2023-06-25

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Kubernetes 1.24 is the last version of Kubernetes supported by AKS Engine. Kubernetes 1.24 goes end-of-life in July, at which point Upstream will stop releasing patches for AKS Engine and archive the project. Please consider using Azure Kubernetes Service (AKS) for managed Kubernetes or Cluster API Provider Azure for self-managed Kubernetes.
• Because of Ubuntu 22.04 FIPS certification status, we'll switch AKS FIPS nodes from 18.04 to 20.04 from 1.27 preview onwards.
• After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
• Windows 2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows 2022.
• Kubernetes 1.24 is being deprecated end of July 2023. From Kubernetes 1.25 the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance.

Release notes

• Behavior Changes

  • Added node anti affinity for Cilium and Azure Linux so that Network Observability extension does not run on these environments that are not supported.
  • Cluster create check that the size of Kubenet based clusters will not exceed 400 nodes (Kubenet on Azure limit)

• Bug Fixes

  • Enable failure-domain.beta.kubernetes.io labels on K8S 1.26+ nodes by default to resolve issue with in tree CSI drivers. Will be removed from K8S 1.28

• Component Updates

  • Upgrade Secret store driver to v1.3.4
  • Upgrade Azure Disk CSI driver version to 1.26.5 on K8S 1.24+
  • Upgrade AGIC addon to version 1.7.1 for K8S >= 1.27
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202306.19.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202306.19.0.
  • Azure Linux image has been updated to AzureLinux-202306.19.0.

Release 2023-06-18

Release 2023-06-18

Monitor the release status by regions at AKS-Release-Tracker.

Announcements

• Kubernetes 1.24 is the last version of Kubernetes supported by AKS Engine. Kubernetes 1.24 goes end-of-life in July, at which point Upstream will stop releasing patches for AKS Engine and archive the project. Please consider using Azure Kubernetes Service (AKS) for managed Kubernetes or Cluster API Provider Azure for self-managed Kubernetes.
• Because of Ubuntu 22.04 FIPS certification status, we'll switch AKS FIPS nodes from 18.04 to 20.04 from 1.27 preview onwards.
• After May 31, 2023, Ubuntu 18.04 will reach end of life. AKS will continue to update the host OS from Canonical into the Kubernetes 1.24 VHD images. Customers will not receive daily security updates from Canonical past the end of May, but will be able to consume those through a node image update only.
• Windows2019 will be retired in Kubernetes v1.33 and above (ETA March 2026). Customers should upgrade to Windows2022.
• Kubernetes 1.24 is being deprecated end of July. From Kubernetes 1.25 the default cgroups implementation on AKS nodes will be cgroupsv2. Older versions of Java, .NET and NodeJS do not support memory querying v2 memory constraints and this will lead to out of memory (OOM) issues for workloads. Please test your applications for cgroupsv2 compliance.

Release notes

• Preview Features

  • Existing AKS private clusters can now be converted to API Server VNet Integration clusters.

• Behavior Changes

  • Added node affinity for ebpf-dataplane=cilium to Azure CNI Powered by Cilium pod.
  • Introduced overlay-vpa-webhook-generation and overlay-vpa-cert-webhook-check jobs to cleanup and generate Vertical Pod Autoscaling secrets and webhook.
  • Change the default OS disk to Standard SSD instead of Standard HDD for VM SKUs that do not support ephemeral OS disks.
  • Starting 2023-06-02-preview API, pod CIDR is returned when network plugin is none.
  • Updated custom node configuration to change allowed value range for the following:
    • sysctls
      • netIpv4TcpkeepaliveIntvl - Previously: 10-75. New: 10-90.
      • netIpv4IpLocalPortRange - Previously: First (1024 - 60999) and Last (32768 - 65000). New: First (1024 - 60999) and Last (32768 - 65535).
      • netNetfilterNfConntrackMax - Previously: 131072 - 1048576. New: 131072 - 2097152.
      • netNetfilterNfConntrackBuckets - Previously: 65536 - 147456. New: 65536 - 524288.
    • ulimits
      • maxLockedMemory - Previously: unlimited. New: values > 0.
      • noFile - Previously: 1024. New: Values > 1024.
  • Removed unnecessary kubernetes.io/os: linux nodeSelector from Cilium daemonset in Azure CNI Powered By Cilium clusters.
  • kube-proxy-replacement-healthz-bind-address set to 0.0.0.0:10256 in cilium-config ConfigMap on Azure CNI Powered By Cilium clusters.
  • Default for node os upgrade channel updated to NodeImage in 2023-06-01 and 2023-06-02-preview APIs.
  • Registration of NodeOSUpgradeChannelPreview feature flag is only required to use SecurityPatch Channel.

• Bug Fixes

  • Fix a bug that could cause nodepool creation to retry unnecessarily in Azure CNI enhanced subnet support clusters.
  • Increased CSI snapshot timeout to 600s to fix the azure disk cross region snapshot timeout issue.

• Component Updates

  • cloud-node-manager updated to v1.24.21, v1.25.15, v1.26.11 and v1.27.5 on respective AKS versions.
  • Updated azure-cns version to 1.5.3.
  • Updated cluster-auto-scaler version to 1.26.5.
  • Updated virtual kubelet Azure ACI connector image to 1.4.16
  • Updated Cilium version to 1.12.10 in Azure CNI Powered by Cilium.
  • Updated Blob CSI driver to 1.21.4.
  • AKS Ubuntu 18.04 image has been updated to AKSUbuntu-1804-202306.13.0.
  • AKS Ubuntu 22.04 image has been updated to AKSUbuntu-2204-202306.13.0.
  • Azure Linux image has been updated to AzureLinux-202306.13.0.
  • AKS Windows 2019 image has been updated to 17763.4499.230614.
  • AKS Windows 2022 image has been updated to 20348.1787.230614.